📦 Spx Tracking — Package Tracking Service
v1.0.1 Skill: when user mentions tracking number matching SPX format (CNMY..., SPXMY...),...
0 · 152 · 0 current · 0 cumulative
Security scan
OpenClaw
Safe
High confidence: The skill's code, instructions, and requirements are consistent with its stated purpose (querying SPX Express tracking); it asks for no unrelated secrets or installs and performs only an HTTP query to the SPX API and local parsing.
Assessment recommendations
This skill appears to do exactly what it claims: query the SPX public tracking API and format results. Before installing or using it: (1) Do not provide browser session cookies unless you understand the privacy implications — the script will forward any cookie you pass to spx.com.my. (2) If you want maximum privacy, run it without the --cookie flag; the public API typically supports unauthenticated reads. (3) The package auto-installs the Python requests library into a venv on first run — review...
✓ Purpose and capability
Name and description match the bundled script and usage. The script calls the SPX public API (spx.com.my) and parses tracking data; the declared runtime requirement (python) and requests dependency are appropriate and proportionate.
✓ Instruction scope
Runtime instructions limit activity to calling the SPX API, formatting results, and optionally using a provided browser cookie. The SKILL.md explicitly warns not to echo raw API responses. The script does not reference unrelated files, system state, or external endpoints beyond the SPX domain.
✓ Install mechanism
No install spec is provided (instruction-only), and requirements.txt only lists requests. The script may auto-create a venv and install requests per SKILL.md; this is a low-risk, expected behavior for a Python helper script.
ℹ Credential requirements
No environment variables or credentials are required. The only sensitive input is an optional `--cookie` argument which, if supplied, is sent to spx.com.my as an HTTP Cookie header. This is reasonable for accessing authenticated sessions but is sensitive — users should avoid supplying session cookies unless necessary.
✓ Persistence and privileges
The skill is not always-enabled and requests no system or agent-wide privileges. It does not modify other skills or global configuration. Autonomous invocation is allowed (platform default) and is not combined with elevated privileges here.
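Security is layered; review the code before running.
Runtime dependencies
No special dependencies
Install command
Official: npx clawhub@latest install spx-tracking
Mirror (accelerated): npx clawhub@latest install spx-tracking --registry https://cn.longxiaskill.com (mirror syncing)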